Login

What Good has the CAN-SPAM Act Done?

On January 1, 2004, the CAN-SPAM Act took effect. This legislation does not so much make unsolicited commercial bulk e-mail illegal as force spammers to follow certain guidelines or be charged with a felony and face years of imprisonment. The CAN-SPAM Act, ideally, would reduce the amount of junk e-mail most of us receive and make the stuff that does get through a little more palatable (or at least a bit less absurd and fraudulent). Since then, what has changed?

Very little, apparently. According to filtering firm MessageLabs, spam now makes up more than 67 percent of global e-mail. That’s a lot of diet patches! Have the FBI and the Federal Trade Commission done nothing since January? Or is the flood simply too much for any organization, or group of organizations, to tackle?

The answer, so it seems, is a little of both. In late May, both law enforcement agencies testified before the Senate Commerce Committee on the progress they had made in enacting various parts of the CAN-SPAM Act. Concrete results that we can see in our electronic mailboxes take time, but there was at least some cause for hope.

First, the FTC. If you can’t get rid of all the spammers, you can at least target some of the worst and hope they serve as examples. At the end of April, the commission went after two noteworthy spammers: Phoenix Avatar and Global Web Promotions. These two companies alone are responsible for nearly one million of the messages that consumers have forwarded to the FTC to complain about spam since the CAN-SPAM Act took effect. The FTC holds onto the spam sent by complaining consumers and maintains it in a database — and will now presumably use it as evidence against these scofflaws.

{mospagebreak title=Phoenix Avatar}

Phoenix Avatar is a homegrown operation; they’re based in Detroit, and they tap into the overweight-and-desperate market by selling bogus diet patches for $60.00. They also engage in spoofing — that is, they use “innocent third-party e-mail addresses in the ‘reply-to’ or ‘from’ fields of their spam… When spam was undeliverable and bounced back, tens of thousands of undeliverable e-mails bounced to unwitting third parties, sometimes getting the third parties mislabeled as spammers, themselves,” to quote from the FTC’s press release. Spoofing is just one of the practices that Phoenix Avatar engages in that have been outlawed by the CAN-SPAM act; they also do not offer an opt-out option.

You will no doubt be as delighted as I was to hear that US District Court Judge James F. Holderman placed a restraining order on Phoenix Avatar, requiring an end to illegal spamming and deceptive product claims and — better yet — freezing their assets. With Phoenix Avatar making an estimated $100,000 per month from the sales of these fraudulent products, that ought to hit them where they live!

Speaking of hitting them where they live, two of the principals of Phoenix Avatar were arrested, charged with violations of the federal mail fraud laws in addition to their violations of the CAN-SPAM Act. At last report, two other arrest warrants are still outstanding. Let’s hope they don’t try to raise money for their own and their partners’ defense by sending out more spam e-mail.

One would expect Global Web Promotions to be more difficult to reach, even with the so-called long arm of the law. They’re based in Australia, not in the US, even though they send huge amounts of spam over here. They not only sell their own bogus diet patch but also “human growth hormone” products said to “maintain [a user’s] appearance and current biological age for the next 10 to 20 years.” These products are shipped to consumers from within the US.

This group of spammers engaged in outrageous spoofing, among other practices, to the point of disrupting the normal operations of innocent businesses. (Okay, so maybe AOL and Microsoft Network aren’t exactly innocent, but they’re not, in this case, guilty of spamming.)

But what can the FTC do in the case of a non-US business? In this case, the commission can still charge the principals — Michael John Anthony Van Essen and Lance Thomas Atkinson — with violations of the CAN-SPAM Act, and file a motion requesting a restraining order. The FTC is working with the Australian Competition and Consumer Commission and the New Zealand Commerce Commission on this matter, so maybe we will see more action in due time.

{mospagebreak title=Why is This Important?}

Why is this important? These are the first two companies being charged under the provisions of the CAN-SPAM Act. The cases deserve to be watched closely; how else will we know if the act has a working set of teeth? If those teeth don’t bite, then it’s harder to be optimistic about the possibility of living long enough to see the advent of the truly spam-free mailbox.

It’s worth noting that this isn’t the only thing the FTC has accomplished pertaining to the CAN-SPAM Act since January. Its testimony runs to 17 pages. FTC staffers are doing something that government agencies do very well, which is working on a variety of reports. Even so, one recently set forth “a system of monetary rewards to encourage informants to report CAN-SPAM violators.” Get money for helping to turn in spammers? Where do I sign up?

In addition, the FTC is looking into setting up a “Do-Not-E-mail Registry,” similar in concept to the “Do-Not-Call Registry” by which telemarketers must now abide. I can’t speak for everyone, but I know a number of my friends have thoroughly enjoyed the peace and quiet that descended after listing on the Do-Not-Call Registry. I’m sure many of you — like me — have been known to keep an e-mail address longer than a phone number. Think of the implications!

Finally, it’s time to turn to the FBI. The bureau couldn’t point to anything quite as concrete as the FTC. They have, however, been working since last fall on something called the SLAM-Spam Initiative. In the FBI’s own words, the initiative “targets significant criminal spammers, as well as companies and individuals that use spammers and their techniques to market their products. It also investigates the techniques and tools used by spammers to expand their targeted audience, to circumvent filters and other countermeasures implemented by consumers and industry, and to defraud customers with misrepresented or non-existent products.” All well and good, but what has it accomplished?

{mospagebreak title=What’s it accomplished?}

As far as actual arrests, a few, including a high profile case where an ex-AOL employee was arrested for selling e-mail addresses. In addition, since the CAN-SPAM Act went into effect, the people involved with the SLAM-Spam Initiative have managed to identify more than 100 significant spammers; target 50 of these spammers for future legal action; engaged military criminal investigators to help identify criminal acts associated with compromised government sites; catalogued numerous exploits and techniques being used by spammers (hey, someone’s got to do the grunt work); and on and on.

The FBI is planning an initiative later this year “in which it is anticipated that criminal and civil actions under the CAN-SPAM Act of 2003 will be included,” according to the bureau’s testimony before Congress this May. The bureau is working on this with the US Secret Service, the US Postal Inspection Service, the FTC (no surprise there), the Department of Justice, and the state and local agencies that are members of the National White Collar Crime Center. It is just possible that we could see some action late this year or early next year.

So is there at least some cause for hope amid all this? The CAN-SPAM Act has energized a number of law enforcement agencies to take spam seriously. Sadly, we all know that that’s not a guarantee of effective action. And many of us find that spam is rather like a natural force: the more you try to stop it, the worse it gets. Unfortunately, while you can dam the natural force of, say, a body of water to get energy, damning spam as we all do doesn’t increase our supply of energy. Or does it? That’s what started the ball rolling, after all: enough people making a fuss about it.

Still, there are private industry attempts at solutions to the problem. Put the phrase “Spam Blocker” into the Google search engine and you will get 483,000 hits. It goes against the grain to think that none of those spam blockers do a decent job. Even so, while I would love to see all the spammers in the world blocked out of business because of their sheer obnoxiousness, I’m no longer convinced that any one path of action — public agencies or private individuals voting with their software — is going to get spam under control. I keep my e-mail filters up — but I’m also keeping an eye on what the FTC and FBI hope to accomplish. Who knows? There may yet come a day when I never again see an e-mail from “Nigeria.” (But I’m not holding my breath).